SQL Server Audit has an 'Addlogin' event and a 'Add Login to Server Role' event. For example, when a login is created or granted membership in SYSADMIN group.

http://msdn.microsoft.com/en-us/library/ms188646.aspx

But this doesn't handle the scenario where a domain account (ex: mycorp\johnsmith) becomes a member of a domain or local admin group (ex: mycorp\ProductionDBA or Builtin\Administrators) that has SYSADMIN membership. That's not a SQL Server meta-data change, but rather a change in Active Directory.

Using the following technique, you can leverage xp_logininfo to report on what accounts have SYSADMIN membership, either explicitly or via a domain group.

http://www.sqlservercentral.com/articles/Security/76919/